lowRISC · lowrisc-ci · Oct 30, 2025
diff --git a/sw/otbn/crypto/tests/BUILD b/sw/otbn/crypto/tests/BUILD
@@ -401,7 +401,7 @@ otbn_sim_test(
     srcs = [
         "p256_arithmetic_to_boolean_test.s",
     ],
-    exp = "p256_arithmetic_to_boolean_test.exp",
+    testcase = "p256_arithmetic_to_boolean_test.hjson",
     deps = [
         "//sw/otbn/crypto:p256_base",
         "//sw/otbn/crypto:p256_isoncurve",
@@ -415,7 +415,7 @@ otbn_sim_test(
     srcs = [
         "p256_arithmetic_to_boolean_mod_test.s",
     ],
-    exp = "p256_arithmetic_to_boolean_mod_test.exp",
+    testcase = "p256_arithmetic_to_boolean_mod_test.hjson",
     deps = [
         "//sw/otbn/crypto:p256_base",
         "//sw/otbn/crypto:p256_isoncurve",
@@ -457,7 +457,7 @@ otbn_sim_test(
     srcs = [
         "p384_boolean_to_arithmetic_test.s",
     ],
-    exp = "p384_boolean_to_arithmetic_test.exp",
+    testcase = "p384_boolean_to_arithmetic_test.hjson",
     deps = [
         "//sw/otbn/crypto:p384_b2a",
     ],
@@ -468,7 +468,7 @@ otbn_sim_test(
     srcs = [
         "p384_arithmetic_to_boolean_test.s",
     ],
-    exp = "p384_arithmetic_to_boolean_test.exp",
+    testcase = "p384_arithmetic_to_boolean_test.hjson",
     deps = [
         "//sw/otbn/crypto:p384_a2b",
         "//sw/otbn/crypto:p384_base",
@@ -480,7 +480,7 @@ otbn_sim_test(
     srcs = [
         "p384_arithmetic_to_boolean_mod_test.s",
     ],
-    exp = "p384_arithmetic_to_boolean_mod_test.exp",
+    testcase = "p384_arithmetic_to_boolean_mod_test.hjson",
     deps = [
         "//sw/otbn/crypto:p384_a2b",
         "//sw/otbn/crypto:p384_base",
@@ -593,7 +593,7 @@ otbn_sim_test(
     srcs = [
         "p384_keygen_test.s",
     ],
-    exp = "p384_keygen_test.exp",
+    testcase = "p384_keygen_test.hjson",
     deps = [
         "//sw/otbn/crypto:p384_base",
         "//sw/otbn/crypto:p384_keygen",
@@ -606,7 +606,7 @@ otbn_sim_test(
     srcs = [
         "p384_keygen_from_seed_test.s",
     ],
-    exp = "p384_keygen_from_seed_test.exp",
+    testcase = "p384_keygen_from_seed_test.hjson",
     deps = [
         "//sw/otbn/crypto:p384_b2a",
         "//sw/otbn/crypto:p384_base",

diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.exp b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.exp
diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.hjson b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.hjson
@@ -0,0 +1,22 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+  "entrypoint": "p256_arithmetic_to_boolean_mod_test",
+  "input": {
+    "regs": {
+      # w31 is zero
+      "w31": "0x0000000000000000000000000000000000000000000000000000000000000000"
+      # First arithmetic share of x.
+      "w11": "0x2328ce20226e4542f38f1ca699ce6272592fbe18c2d1a4f0eefd3e816b35c5e6",
+      # Second arithmetic share of x.
+      "w19": "0x53038ee6d4a25811969abf6f892fa008dc0f09fc3c6c760991349036bf81b6ba"
+    }
+  }
+  "output": {
+    "regs": {
+      # Unmasked result x.
+      "w20": "0x762c5d06f7109d548a29dc1622fe027b353ec814ff3e1afa8031ceb82ab77ca0",
+    }
+  }
+}
diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.s b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_mod_test.s
@@ -12,10 +12,7 @@
 
 .section .text.start
 
-p256_arithmetic_to_boolean_test:
-
-  /* init all-zero register */
-  bn.xor    w31, w31, w31
+p256_arithmetic_to_boolean_mod_test:
 
   /* Load domain parameter.
      w29 = dmem[p256_p] */
@@ -26,58 +23,18 @@ p256_arithmetic_to_boolean_test:
   /* Set MOD to p */
   bn.wsrw   MOD, w29
 
-  /* Load values into WDRs */
-
-  /* w11 <= dmem[x] mod p */
-  li        x3, 11
-  la        x4, x
-  bn.lid    x3, 0(x4)
-  bn.addm   w11, w11, w31
-
-  /* w19 <= URND mod p */
-  bn.wsrr   w19, URND
-  bn.addm   w19, w19, w31
-
-  /* Arithmetic masking */
-
-  /* w11 = A <= w11 - w19 = x - r */
-  bn.subm    w11, w11, w19
-
   /* Arithmetic to boolean conversion */
   jal       x1, arithmetic_to_boolean_mod
 
-  /* Unmask and compare values
-     after conversion */
+  /* Unmask after conversion */
 
   /* w20 <= w20 ^ w19 = x' ^ r = x */
   bn.xor    w20, w20, w19
 
-  /* w10 <= dmem[x] mod p */
-  li        x3, 10
-  la        x4, x
-  bn.lid    x3, 0(x4)
-  bn.addm   w10, w10, w31
-
-  /* w0 <= w10 - w20 */
-  bn.sub    w0, w20, w10
-
   ecall
 
-
 .data
 
-.globl x
-.balign 32
-x:
-  .word 0x2ab77ca0
-  .word 0x8031ceb8
-  .word 0xff3e1afa
-  .word 0x353ec814
-  .word 0x22fe027b
-  .word 0x8a29dc16
-  .word 0xf7109d54
-  .word 0x762c5d06
-
 /* Public key z-coordinate. */
 .globl z
 .balign 32

diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.exp b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.exp
diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.hjson b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.hjson
@@ -0,0 +1,25 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+  "entrypoint": "p256_arithmetic_to_boolean_test",
+  "input": {
+    "regs": {
+      # w31 is zero
+      "w31": "0x0000000000000000000000000000000000000000000000000000000000000000",
+      # First arithmetic share of x.
+      "w11": "0x58b8977117dfeb954edfca6e9a7a6dc50957e6bd913a34a2d986834026276da7",
+      "w12": "0x0000000000000000000000000000000000000000000000000000000000000000",
+      # Second arithmetic share of x.
+      "w18": "0x1d73c595df30b1bf3b4a11a7888394b62be6e1576e03e657a6ab4b7804900ef9",
+      "w19": "0x0000000000000000000000000000000000000000000000000000000000000001"
+    }
+  }
+  "output": {
+    "regs": {
+      # Unmasked result x.
+      "w20": "0x762c5d06f7109d548a29dc1622fe027b353ec814ff3e1afa8031ceb82ab77ca0",
+      "w21": "0x0000000000000000000000000000000000000000000000000000000000000001",
+    }
+  }
+}
diff --git a/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.s b/sw/otbn/crypto/tests/p256_arithmetic_to_boolean_test.s
@@ -14,9 +14,6 @@
 
 p256_arithmetic_to_boolean_test:
 
-  /* init all-zero register */
-  bn.xor    w31, w31, w31
-
   /* Load domain parameter.
      w29 = dmem[p256_p] */
   li        x2, 29
@@ -26,87 +23,20 @@ p256_arithmetic_to_boolean_test:
   /* Set MOD to p */
   bn.wsrw   MOD, w29
 
-  /* Load values into WDRs */
-
-  /* w11 <= dmem[x_l] */
-  li        x3, 11
-  la        x4, x_l
-  bn.lid    x3, 0(x4)
-
-  /* w12 <= dmem[x_u] */
-  li        x3, 12
-  la        x4, x_u
-  bn.lid    x3, 0(x4)
-
-  /* w18 <= URND
-     w19 <= URND (1 bit) */
-  bn.wsrr   w18, URND
-  bn.wsrr   w19, URND
-  bn.rshi   w19, w31, w19 >> 255
-
-  /* Arithmetic masking */
-
-  /* [w12,w11] = A <= [w12,w11] - [w19,w18] mod 2^257 = x - r mod 2^257
-     This may result in bits above 2^257, but these will be stripped off. */
-  bn.sub    w11, w11, w18
-  bn.subb   w12, w12, w19
-  bn.rshi   w12, w12, w31 >> 1
-  bn.rshi   w12, w31, w12 >> 255
-
   /* Arithmetic to boolean conversion */
   jal       x1, arithmetic_to_boolean
 
-  /* Unmask and compare values
-     after conversion */
+  /* Unmask after conversion */
 
   /* w20 <= w20 ^ w18 = x' ^ r
      w21 <= w21 ^ w19 = x' ^ r */
   bn.xor    w20, w20, w18
   bn.xor    w21, w21, w19
 
-  /* w11 <= dmem[x_l] */
-  li        x3, 11
-  la        x4, x_l
-  bn.lid    x3, 0(x4)
-
-  /* w12 <= dmem[x_u] */
-  li        x3, 12
-  la        x4, x_u
-  bn.lid    x3, 0(x4)
-
-  /* [w1,w0] <= [w12,w11] - [w21,w20] */
-  bn.sub    w0, w11, w20
-  bn.subb   w1, w12, w21
-
   ecall
 
-
 .data
 
-.globl x_u
-.balign 32
-x_u:
-  .word 0x00000001
-  .word 0x00000000
-  .word 0x00000000
-  .word 0x00000000
-  .word 0x00000000
-  .word 0x00000000
-  .word 0x00000000
-  .word 0x00000000
-
-.globl x_l
-.balign 32
-x_l:
-  .word 0x2ab77ca0
-  .word 0x8031ceb8
-  .word 0xff3e1afa
-  .word 0x353ec814
-  .word 0x22fe027b
-  .word 0x8a29dc16
-  .word 0xf7109d54
-  .word 0x762c5d06
-
 /* Public key z-coordinate. */
 .globl z
 .balign 32

diff --git a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.exp b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.exp
diff --git a/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.hjson b/sw/otbn/crypto/tests/p384_arithmetic_to_boolean_mod_test.hjson
@@ -0,0 +1,25 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+  "entrypoint": "p384_arithmetic_to_boolean_mod_test",
+  "input": {
+    "regs": {
+      # w31 is zero
+      "w31": "0x0000000000000000000000000000000000000000000000000000000000000000"
+      # First arithmetic share of x.
+      "w11": "0x034084329b46f1f0d277b31ea21c79370defc8a41b42246d3f4aae8c76f51f07",
+      "w12": "0x000000000000000000000000000000007679a2adc67c5fc8dd94a7f9c7ebf0b3",
+      # Second arithmetic share of x.
+      "w18": "0xe6ed0dfd7175e4ce3b976dff369604fb339e0775ef413315f03ca38e57185a0b",
+      "w19": "0x00000000000000000000000000000000bec5256738c1bb31a29d26be62cb8bed"
+    }
+  }
+  "output": {
+    "regs": {
+      # Unmasked result x.
+      "w20": "0xea2d92300cbcd6bf0e0f211dd8b27e33418dd01b0a8357832f875219ce0d7913",
+      "w21": "0x00000000000000000000000000000000353ec814ff3e1afa8031ceb82ab77ca0"
+    }
+  }
+}